1.\" $OpenBSD: sysctl.8,v 1.105 2003/07/08 18:50:40 jmc Exp $ 2.\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $ 3.\" 4.\" Copyright (c) 1993 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. Neither the name of the University nor the names of its contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" @(#)sysctl.8 8.2 (Berkeley) 5/9/95 32.\" 33.Dd December 18, 2002 34.Dt SYSCTL 8 35.Os 36.Sh NAME 37.Nm sysctl 38.Nd get or set kernel state 39.Sh SYNOPSIS 40.Nm sysctl 41.Op Fl n 42.Ar name ... 43.Nm sysctl 44.Op Fl nq 45.Fl w 46.Ar name=value ... 47.Nm sysctl 48.Op Fl n 49.Fl aA 50.Sh DESCRIPTION 51The 52.Nm 53utility retrieves kernel state and allows processes with 54appropriate privilege to set kernel state. 55The state to be retrieved or set is described using a 56``Management Information Base'' (``MIB'') style name, 57described as a dotted set of components. 58.Pp 59The options are as follows: 60.Bl -tag -width xxx 61.It Fl a 62List all the currently available string or integer values. 63.It Fl A 64List all the known MIB names including tables. 65Those with string or integer values will be printed as with the 66.Fl a 67flag; for the table values, the name of the utility to retrieve them is given. 68.It Fl n 69Suppress printing of the field name, only output the field value. 70Useful for setting shell variables. 71.Bd -literal 72Example: 73 Set the psize shell variable to the pagesize of the hardware 74 # set psize=`sysctl -n hw.pagesize` 75.Ed 76.It Fl q 77Suppress all output when setting a variable. 78This option overrides the behaviour of 79.Fl n . 80.It Fl w 81Required to set a variable. 82The MIB name should be followed by an equal sign and the new value. 83.El 84.Pp 85The information available from 86.Nm 87consists of integers, strings, and tables. 88The tabular information can only be retrieved by special 89purpose programs such as 90.Nm ps , 91.Nm systat , 92and 93.Nm netstat . 94The string and integer information is summarized below. 95For a detailed description of these variable see 96.Xr sysctl 3 . 97The changeable column indicates whether a process with appropriate 98privilege can change the value. 99.Bl -column net.inet.ip.ipsec-expire-acquirexxxx integerxxx 100.It Sy Name Type Changeable 101.It kern.ostype string no 102.It kern.osrelease string no 103.It kern.osrevision integer no 104.It kern.version string no 105.It kern.maxvnodes integer yes 106.It kern.maxproc integer yes 107.It kern.maxfiles integer yes 108.It kern.argmax integer no 109.It kern.securelevel integer raise only 110.It kern.hostname string yes 111.It kern.hostid u_int yes 112.It kern.clockrate struct no 113.It kern.posix1version integer no 114.It kern.ngroups integer no 115.It kern.job_control integer no 116.It kern.saved_ids integer no 117.It kern.boottime struct no 118.It kern.domainname string yes 119.It kern.maxpartitions integer no 120.It kern.rawpartition integer no 121.It kern.osversion string no 122.It kern.somaxconn integer yes 123.It kern.sominconn integer yes 124.It kern.usermount integer yes 125.It kern.random struct no 126.It kern.nosuidcoredump integer yes 127.It kern.fsync integer no 128.It kern.sysvmsg integer no 129.It kern.sysvsem integer no 130.It kern.sysvshm integer no 131.It kern.arandom u_int no 132.It kern.msgbufsize integer no 133.It kern.malloc.buckets string no 134.It kern.malloc.bucket.<sz> string no 135.It kern.malloc.kmemnames string no 136.It kern.malloc.kmemstat.<name> string no 137.It kern.cp_time struct no 138.It kern.nchstats struct no 139.It kern.forkstat struct no 140.It kern.nselcoll integer no 141.It kern.tty.tk_nin int64_t no 142.It kern.tty.tk_nout int64_t no 143.It kern.tty.tk_rawcc int64_t no 144.It kern.tty.tk_cancc int64_t no 145.It kern.ccpu u_int no 146.It kern.fscale integer no 147.It kern.nprocs integer no 148.It kern.stackgap_random integer yes 149.It kern.usercrypto integer yes 150.It kern.cryptodevallowsoft integer yes 151.It kern.splassert integer yes 152.It kern.nfiles integer no 153.It kern.ttycount integer no 154.It kern.numvnodes integer no 155.It kern.userasymcrypto integer yes 156.It kern.seminfo.semmni integer yes 157.It kern.seminfo.semmns integer yes 158.It kern.seminfo.semmnu integer yes 159.It kern.seminfo.semmsl integer yes 160.It kern.seminfo.semopm integer yes 161.It kern.seminfo.semume integer no 162.It kern.seminfo.semusz integer no 163.It kern.seminfo.semvmx integer no 164.It kern.seminfo.semaem integer no 165.It kern.shminfo.shmmax integer yes 166.It kern.shminfo.shmmin integer yes 167.It kern.shminfo.shmmni integer yes 168.It kern.shminfo.shmseg integer yes 169.It kern.shminfo.shmall integer yes 170.It kern.watchdog.period integer yes 171.It kern.watchdog.auto integer yes 172.It vm.vmmeter struct no 173.It vm.loadavg struct no 174.It vm.psstrings struct no 175.It vm.uvmexp struct no 176.It vm.swapencrypt.enable integer yes 177.It vm.swapencrypt.keyscreated integer no 178.It vm.swapencrypt.keysdeleted integer no 179.It vm.nkmempages integer no 180.It vm.anonmin integer yes 181.It vm.vtextmin integer yes 182.It vm.vnodemin integer yes 183.It vm.maxslp integer no 184.It vm.uspace integer no 185.It fs.posix.setuid integer yes 186.It net.inet.ip.forwarding integer yes 187.It net.inet.ip.redirect integer yes 188.It net.inet.ip.ttl integer yes 189.\" .It net.inet.ip.mtu integer yes 190.It net.inet.ip.sourceroute integer yes 191.It net.inet.ip.directed-broadcast integer yes 192.It net.inet.ip.portfirst integer yes 193.It net.inet.ip.portlast integer yes 194.It net.inet.ip.porthifirst integer yes 195.It net.inet.ip.porthilast integer yes 196.It net.inet.ip.maxqueue integer yes 197.It net.inet.ip.encdebug integer yes 198.It net.inet.ip.ipsec-expire-acquire integer yes 199.It net.inet.ip.ipsec-invalid-life integer yes 200.It net.inet.ip.ipsec-pfs integer yes 201.It net.inet.ip.ipsec-soft-allocs integer yes 202.It net.inet.ip.ipsec-allocs integer yes 203.It net.inet.ip.ipsec-soft-bytes integer yes 204.It net.inet.ip.ipsec-bytes integer yes 205.It net.inet.ip.ipsec-timeout integer yes 206.It net.inet.ip.ipsec-soft-timeout integer yes 207.It net.inet.ip.ipsec-soft-firstuse integer yes 208.It net.inet.ip.ipsec-firstuse integer yes 209.It net.inet.ip.ipsec-enc-alg string yes 210.It net.inet.ip.ipsec-auth-alg string yes 211.It net.inet.ip.mtudisc integer yes 212.It net.inet.ip.mtudisctimeout integer yes 213.It net.inet.ip.ipsec-comp-alg string yes 214.It net.inet.icmp.maskrepl integer yes 215.It net.inet.icmp.bmcastecho integer yes 216.It net.inet.icmp.errppslimit integer yes 217.It net.inet.icmp.rediraccept integer yes 218.It net.inet.icmp.redirtimeout integer yes 219.It net.inet.icmp.tstamprepl integer yes 220.It net.inet.ipip.allow integer yes 221.It net.inet.tcp.rfc1323 integer yes 222.It net.inet.tcp.keepinittime integer yes 223.It net.inet.tcp.keepidle integer yes 224.It net.inet.tcp.keepintvl integer yes 225.It net.inet.tcp.slowhz integer no 226.It net.inet.tcp.baddynamic array yes 227.It net.inet.tcp.recvspace integer yes 228.It net.inet.tcp.sendspace integer yes 229.It net.inet.tcp.sack integer yes 230.It net.inet.tcp.mssdflt integer yes 231.It net.inet.tcp.rstppslimit integer yes 232.It net.inet.tcp.ackonpush integer yes 233.It net.inet.tcp.ecn integer yes 234.It net.inet.udp.checksum integer yes 235.It net.inet.udp.baddynamic array yes 236.It net.inet.udp.recvspace integer yes 237.It net.inet.udp.sendspace integer yes 238.It net.inet.gre.allow integer yes 239.It net.inet.gre.wccp integer yes 240.It net.inet.esp.enable integer yes 241.It net.inet.ah.enable integer yes 242.It net.inet.mobileip.allow integer yes 243.It net.inet.etherip.allow integer yes 244.It net.inet.ipcomp.enable integer yes 245.It net.inet6.ip6.forwarding integer yes 246.It net.inet6.ip6.redirect integer yes 247.It net.inet6.ip6.hlim integer yes 248.It net.inet6.ip6.maxfragpackets integer yes 249.It net.inet6.ip6.accept_rtadv integer yes 250.It net.inet6.ip6.keepfaith integer yes 251.It net.inet6.ip6.log_interval integer yes 252.It net.inet6.ip6.hdrnestlimit integer yes 253.It net.inet6.ip6.dad_count integer yes 254.It net.inet6.ip6.auto_flowlabel integer yes 255.It net.inet6.ip6.defmcasthlim integer yes 256.It net.inet6.ip6.kame_version string no 257.It net.inet6.ip6.use_deprecated integer yes 258.It net.inet6.ip6.rr_prune integer yes 259.It net.inet6.ip6.v6only integer no 260.It net.inet6.ip6.maxfrags integer yes 261.It net.inet6.icmp6.rediraccept integer yes 262.It net.inet6.icmp6.redirtimeout integer yes 263.It net.inet6.icmp6.nd6_prune integer yes 264.It net.inet6.icmp6.nd6_delay integer yes 265.It net.inet6.icmp6.nd6_umaxtries integer yes 266.It net.inet6.icmp6.nd6_mmaxtries integer yes 267.It net.inet6.icmp6.nd6_useloopback integer yes 268.It net.inet6.icmp6.nodeinfo integer yes 269.It net.inet6.icmp6.errppslimit integer yes 270.It net.inet6.icmp6.nd6_maxnudhint integer yes 271.It net.inet6.icmp6.mtudisc_hiwat integer yes 272.It net.inet6.icmp6.mtudisc_lowat integer yes 273.It net.inet6.icmp6.nd6_debug integer yes 274.It net.ipx.ipx.checksum integer yes 275.It net.ipx.ipx.forwarding integer yes 276.It net.ipx.ipx.netbios integer yes 277.It net.ipx.ipx.recvspace integer yes 278.It net.ipx.ipx.sendspace integer yes 279.It debug.syncprt integer yes 280.It debug.busyprt integer yes 281.It debug.doclusterread integer yes 282.It debug.doclusterwrite integer yes 283.It debug.doreallocblks integer yes 284.It debug.doasyncfree integer yes 285.It debug.prtrealloc integer yes 286.It hw.machine string no 287.It hw.model string no 288.It hw.ncpu integer no 289.It hw.byteorder integer no 290.It hw.physmem integer no 291.It hw.usermem integer no 292.It hw.pagesize integer no 293.It hw.diskstats struct no 294.It hw.disknames string no 295.It hw.diskcount integer no 296.It hw.sensors struct no 297.It machdep.console_device dev_t no 298.It machdep.unaligned_print integer yes (alpha only) 299.It machdep.unaligned_fix integer yes (alpha only) 300.It machdep.unaligned_sigbus integer yes (alpha only) 301.It machdep.apmwarn integer yes (i386 only) 302.It machdep.apmhalt integer yes (i386 only) 303.It machdep.kbdreset integer yes (i386 only) 304.It machdep.userldt integer yes (i386 only) 305.It machdep.allowaperture integer yes (XFree86) 306.It machdep.led_blink integer yes (sparc/sparc64) 307.It machdep.ceccerrs integer no (sparc64) 308.It machdep.cecclast quad no (sparc64) 309.It user.cs_path string no 310.It user.bc_base_max integer no 311.It user.bc_dim_max integer no 312.It user.bc_scale_max integer no 313.It user.bc_string_max integer no 314.It user.coll_weights_max integer no 315.It user.expr_nest_max integer no 316.It user.line_max integer no 317.It user.re_dup_max integer no 318.It user.posix2_version integer no 319.It user.posix2_c_bind integer no 320.It user.posix2_c_dev integer no 321.It user.posix2_char_term integer no 322.It user.posix2_fort_dev integer no 323.It user.posix2_fort_run integer no 324.It user.posix2_localedef integer no 325.It user.posix2_sw_dev integer no 326.It user.posix2_upe integer no 327.It user.stream_max integer no 328.It user.tzname_max integer no 329.It ddb.radix integer yes 330.It ddb.max_width integer yes 331.It ddb.max_line integer yes 332.It ddb.tab_stop_width integer yes 333.It ddb.panic integer yes 334.It ddb.console integer yes 335.It ddb.log integer yes 336.It vfs.mounts.* struct no 337.It vfs.ffs.doclusterread integer yes 338.It vfs.ffs.doclusterwrite integer yes 339.It vfs.ffs.doreallocblks integer yes 340.It vfs.ffs.doasyncfree integer yes 341.It vfs.ffs.max_softdeps integer yes 342.It vfs.ffs.sd_tickdelay integer yes 343.It vfs.ffs.sd_worklist_push integer no 344.It vfs.ffs.sd_blk_limit_push integer no 345.It vfs.ffs.sd_ino_limit_push integer no 346.It vfs.ffs.sd_blk_limit_hit integer no 347.It vfs.ffs.sd_ino_limit_hit integer no 348.It vfs.ffs.sd_sync_limit_hit integer no 349.It vfs.ffs.sd_indir_blk_ptrs integer no 350.It vfs.ffs.sd_inode_bitmap integer no 351.It vfs.ffs.sd_direct_blk_ptrs integer no 352.It vfs.ffs.sd_dir_entry integer no 353.It vfs.nfs.iothreads integer yes 354.El 355.Pp 356The 357.Nm 358program can get or set debugging variables 359that have been identified for its display. 360This information can be obtained by using the command: 361.Pp 362.Dl $ sysctl debug 363.Pp 364In addition, 365.Nm 366can extract information about the filesystems that have been compiled 367into the running system. 368This information can be obtained by using the command: 369.Pp 370.Dl $ sysctl vfs.mounts 371.Pp 372By default, only filesystems that are actively being used are listed. 373Use of the 374.Fl A 375flag lists all the filesystems compiled into the running kernel. 376.Sh FILES 377.Bl -tag -width <ufs/ffs/ffs_extern.h> -compact 378.It Aq Pa sys/sysctl.h 379definitions for top level identifiers, second level kernel and hardware 380identifiers, and user level identifiers 381.It Aq Pa dev/rndvar.h 382definitions for 383.Xr random 4 384device's statistics structure 385.It Aq Pa sys/socket.h 386definitions for second level network identifiers 387.It Aq Pa sys/gmon.h 388definitions for third level profiling identifiers 389.It Aq Pa uvm/uvm_param.h 390definitions for second level virtual memory identifiers 391.It Aq Pa uvm/uvm_swap_encrypt.h 392definitions for third level virtual memory identifiers 393.It Aq Pa netinet/in.h 394definitions for third level IPv4/v6 identifiers and 395fourth level IPv4/v6 identifiers 396.It Aq Pa netinet/icmp_var.h 397definitions for fourth level ICMP identifiers 398.It Aq Pa netinet6/icmp6.h 399definitions for fourth level ICMPv6 identifiers 400.It Aq Pa netinet/tcp_var.h 401definitions for fourth level TCP identifiers 402.It Aq Pa netinet/udp_var.h 403definitions for fourth level UDP identifiers 404.It Aq Pa netipx/ipx_var.h 405definitions for third level IPX identifiers and 406fourth level IPX identifiers 407.It Aq Pa ddb/db_var.h 408definitions for second level ddb identifiers 409.It Aq Pa sys/mount.h 410definitions for second level vfs identifiers 411.It Aq Pa nfs/nfs.h 412definitions for third level NFS identifiers 413.It Aq Pa ufs/ffs/ffs_extern.h 414definitions for third level FFS identifiers 415.El 416.Sh EXAMPLES 417To retrieve the maximum number of processes allowed 418in the system: 419.Pp 420.Dl $ sysctl kern.maxproc 421.Pp 422To set the maximum number of processes allowed 423in the system to 1000: 424.Pp 425.Dl # sysctl -w kern.maxproc=1000 426.Pp 427To retrieve information about the system clock rate: 428.Pp 429.Dl $ sysctl kern.clockrate 430.Pp 431To retrieve information about the load average history: 432.Pp 433.Dl $ sysctl vm.loadavg 434.Pp 435To make the 436.Xr chown 2 437system call use traditional BSD semantics (don't clear setuid/setgid bits): 438.Pp 439.Dl # sysctl -w fs.posix.setuid=0 440.Pp 441To set the list of reserved TCP ports that should not be allocated 442by the kernel dynamically: 443.Pp 444.Dl # sysctl -w net.inet.tcp.baddynamic=749,750,751,760,761,871 445.Pp 446This can be used to keep daemons 447from stealing a specific port that another program needs to function. 448List elements may be separated by commas and/or whitespace. 449.Pp 450It is also possible to add or remove ports from the current list: 451.Bd -literal -offset indent 452# sysctl -w net.inet.tcp.baddynamic=+748 453# sysctl -w net.inet.tcp.baddynamic=-871 454.Ed 455.Pp 456To adjust the number of kernel 457.Nm nfsio 458threads used to service asynchronous 459I/O requests on an NFS client machine: 460.Pp 461.Dl # sysctl -w vfs.nfs.iothreads=4 462.Pp 463The number of 4 is the default, 20 is the maximum. 464See 465.Xr nfssvc 2 466and 467.Xr nfsd 8 468for further discussion. 469.Pp 470To set the amount of shared memory available in the system and 471the maximum number of shared memory segments: 472.Bd -literal -offset indent 473# sysctl -w kern.shminfo.shmmax=33554432 474# sysctl -w kern.shminfo.shmseg=32 475.Ed 476.Sh SEE ALSO 477.Xr sysctl 3 , 478.Xr sysctl.conf 5 479.Sh HISTORY 480.Nm sysctl 481first appeared in 482.Bx 4.4 . 483